NetConf Call Home Configuration
By default, in the NetConf protocol (RFC 6241), a NetConf client application initiates the connection towards the NetConf server in the network element (OcNOS device). However, for certain use cases such as in the presence of firewalls or NAT, it is useful to have “call home” functionality where the connection process is reversed and the NetConf server initiates the connection to the NetConf client. This process, as shown in Figure 1-8, is standardized by IETF in RFC 8071.
RFC 8071 NetConf call home functionality
OcNOS supports the call home feature (only for SSH) at the NetConf server side. You can use any standard NetConf client application which supports call home functionality. (The NetConf client application [Yangcli] does not support call home.)
Call home is generally useful for both the initial deployment and ongoing management of networking elements.
User Management VRF Configuration
(config)#netconf callhome | Enter call home mode |
(netconf-callhome)#feature netconf callhome enable | Enable the call home feature |
(netconf-callhome)#reconnect enable | Enable the reconnect feature |
(netconf-callhome)#retry-max-attempts 10 | Set the number of connect retries |
(netconf-callhome)#retry-interval 20 | Set the retry interval |
(netconf-callhome)#callhome server test-ch-server 192.168.56.1 | Configure the call home server |
(netconf-callhome)#management-port enp0s3 | Set the call home management port |
(netconf-callhome)#commit | Commit the candidate configuration to the running configuration |
(netconf-callhome)#exit | Exit call home mode |
User Defined VRF Configuration
(config)#netconf callhome | Enter call home mode |
(netconf-callhome)#netconf callhome vrf user-vrf | Configure NetConf call home for the user-defined VRF |
(netconf-callhome)#feature netconf callhome enable | Enable the call home feature |
(netconf-callhome)#reconnect enable | Enable the reconnect feature |
(netconf-callhome)#retry-max-attempts 10 | Set the number of connect retries |
(netconf-callhome)#retry-interval 20 | Set the retry interval |
(netconf-callhome)#callhome server test-ch-server 192.168.56.1 | Configure the call home server |
(netconf-callhome)#management-port enp0s3 | Set the call home management port (the port will be part of the user-defined VRF) |
(netconf-callhome)#commit | Commit the candidate configuration to the running configuration |
(netconf-callhome)#exit | Exit call home mode |
Validation
(config)#do show running-config netconf-callhome
!
netconf callhome
feature netconf callhome enable
management-port enp0s3
reconnect enable
retry-max-attempts 10
retry-interval 20
callhome server test-ch-server 192.168.56.1
!
(config)#
(config)#do show users
Current user : (*). Lock acquired by user : (#).
CLI user : [C]. Netconf users : [N].
Location : Applicable to CLI users.
Session : Applicable to NETCONF users.
Line User Idle Location/Session PID TYPE Role
(#)(*) 130 vty 0 [C]root 0d00h00m pts/0 2730 Local network-admin
(config)#
Start the Call Home Server
After you start the call home server, the show users command displays a NetConf user.
2022 May 18 15:32:55.989 : OcNOS : CML : INFO : [CML_5]: Client [netconf (192.168.56.1)] established connection with CML server
(config)#do show users
Current user : (*). Lock acquired by user : (#).
CLI user : [C]. Netconf users : [N].
Location : Applicable to CLI users.
Session : Applicable to NETCONF users.
Line User Idle Location/Session PID TYPE Role
(#)(*) 130 vty 0 [C]root 0d00h00m pts/0 2730 Local network-admin
NA [N]root 0d00h00m 192.168.56.1 2118 Local network-admin
(config)#
NetConf sget Output
While the NetConf client is running, the sget command returns the session-specific data:
sget /netconf-state/sessions
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
<sessions>
<session>
<session-id>1</session-id>
<transport
xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">ncm:netconf-ssh</transport>
<username>root</username>
<source-host>192.168.56.1</source-host>
<login-time>2022-05-18T15:32:55Z</login-time>
<in-rpcs>0</in-rpcs>
<in-bad-rpcs>0</in-bad-rpcs>
<out-rpc-errors>0</out-rpc-errors>
<out-notifications>0</out-notifications>
</session>
</sessions>
</netconf-state>
</data>
</rpc-reply>
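The reply above can also be checked automatically. The following is an added example, not part of the OcNOS documentation or software: it parses a /netconf-state/sessions reply and reports sessions whose source-host is not a configured call home server, whose transport is not SSH, or that have sent malformed RPCs. The function name, the allowlist and the threshold are assumptions, and session 2 in the sample is constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"ncm": "urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"}

# Constructed sample: session 1 mirrors the reply above; session 2 is invented
# for the example (203.0.113.7 is a documentation address).
SAMPLE_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data><netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
<sessions>
<session><session-id>1</session-id>
<transport xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">ncm:netconf-ssh</transport>
<username>root</username><source-host>192.168.56.1</source-host>
<in-bad-rpcs>0</in-bad-rpcs></session>
<session><session-id>2</session-id>
<transport xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">ncm:netconf-ssh</transport>
<username>root</username><source-host>203.0.113.7</source-host>
<in-bad-rpcs>4</in-bad-rpcs></session>
</sessions></netconf-state></data></rpc-reply>"""


def audit_sessions(reply_xml, allowed_hosts, max_bad_rpcs=0):
    """Return a list of (session_id, reason) for sessions that need review."""
    findings = []
    root = ET.fromstring(reply_xml)
    for sess in root.iterfind(".//ncm:sessions/ncm:session", NS):
        def field(name, default=""):
            return (sess.findtext("ncm:" + name, default, NS) or "").strip()

        sid = field("session-id", "?")
        host = field("source-host")
        # <transport> is a YANG identityref; drop the prefix before comparing.
        transport = field("transport").rsplit(":", 1)[-1]
        bad = int(field("in-bad-rpcs", "0") or 0)

        if host not in allowed_hosts:
            findings.append((sid, "source-host %s is not a configured call home server" % host))
        if transport != "netconf-ssh":
            findings.append((sid, "unexpected transport %r" % transport))
        if bad > max_bad_rpcs:
            findings.append((sid, "%d malformed RPCs received" % bad))
    return findings


if __name__ == "__main__":
    # The allowlist holds the address given to "callhome server" in the configuration.
    for sid, reason in audit_sessions(SAMPLE_REPLY, {"192.168.56.1"}):
        print("session %s: %s" % (sid, reason))
```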
Stop the Call Home Server
After you stop the call home server, the show users command no longer displays a NetConf user.
2022 May 18 15:33:20.028 : OcNOS : CML : NOTIF : [CML_4]: Client [netconf (192.168.56.1)] has closed connection with CML server
(config)#
(config)#do show users
Current user : (*). Lock acquired by user : (#).
CLI user : [C]. Netconf users : [N].
Location : Applicable to CLI users.
Session : Applicable to NETCONF users.
Line User Idle Location/Session PID TYPE Role
(#)(*) 130 vty 0 [C]root 0d00h00m pts/0 2730 Local network-admin
(config)#